Andrea, I took a look at ports-mgmt/jailaudit, and it works a bit differently than ports-mgmt/nagios-check_ports. jailaudit makes a list of packages installed in the jail and runs pkg(8) audit outside of the jail against the list. nagios-check_ports, on the other hand, calls pkg(8) audit with the -j option to run inside the jail and thus requires a copy of vuln.xml within the jail.
I would suggest running `pkg audit -F` within the jails regularly or setup something to copy vuln.xml into the jails. That being said I do have a bugfix to commit upstream that unbreaks checking for updates within a jail from outside the jail. I'll hopefully get that released soon. Ryan On 06/21/2017 06:59 AM, Ryan Frederick wrote: > Hi Andrea, > > I have a pending pull request upstream that might resolve your issue. > I'll take a look at it later today if time permits. > > Ryan > > On Jun 21, 2017 04:52, "Andrea Venturoli" <m...@netfence.it > <mailto:m...@netfence.it>> wrote: > > Hello. > > I can't seem to get net-mgmt/nagios-check_ports for jails to work. > > Example: > > # pkg audit -F > vulnxml file up-to-date > 0 problem(s) in the installed packages found. > # /usr/local/libexec/nagios/check_ports -j cacti pkg: vulnxml > file (null) does not exist. Try running 'pkg audit -F' first > [: -gt: unexpected operator > PORTS OK - security problem(s). | total_updates=0;0;0 > security_problems=;0;0 > # /usr/local/etc/periodic/security/410.jailaudit > Downloading a current audit database: > pkgng support enabled, using /usr/local/sbin/pkg version 1.10.1. > > portaudit for jails on xxxx.xxxxx - 5 problem(s) found. > > portaudit for jail: cacti (JID: 3) > > apache24-2.4.25_1 is vulnerable: > Apache httpd -- several vulnerabilities > CVE: CVE-2017-7679 > CVE: CVE-2017-7668 > CVE: CVE-2017-7659 > CVE: CVE-2017-3169 > CVE: CVE-2017-3167 > WWW: > > https://vuxml.FreeBSD.org/freebsd/0c2db2aa-5584-11e7-9a7d-b499baebfeaf.html > > <https://vuxml.FreeBSD.org/freebsd/0c2db2aa-5584-11e7-9a7d-b499baebfeaf.html> > > 1 problem(s) found. > ... > > > This host is using UFS and the jails on are created with EZJail. > > Any hint? > > bye & Thanks > av. > _______________________________________________ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
